If you’ve just clicked on a phishing link, you’re probably starting to worry. Have you just unleashed a highly dangerous bit of malware onto your systems? Is a hacker now scanning through all your files in a plot to steal your identity?
Before you tear your hair out speculating, have a read of this article first where we’ll tell you exactly what to do to prevent any damage and how to avoid clicking on phishing links in the future.
What is phishing?
First, a quick recap. You probably know that phishing, in general terms, is a social engineering tactic used by hackers to lure unsuspecting victims into handing over their personal information. This data is extremely valuable to hackers, who might sell it on the Dark Web or use it to access other accounts owned by the user to gather more information or launch an even wider phishing campaign.
Phishing has evolved over time and can now be highly sophisticated. Not only are we now dealing with different kinds of phishing - URL phishing, clone phishing, business email compromise - but also different entry points. People can get tricked via the traditional email method, but phishing attacks made over the phone (vishing) or by SMS (smishing) are becoming more popular among hackers too. In fact, it was reported that SMS-based scams rose by 328% in 2020 during the pandemic.
So, don’t be too hard on yourself for clicking on a phishing link. The truth is people are fooled every day because these scams are getting harder to spot. According to the UK Government’s Cyber Breaches survey, phishing took first place as the most common threat vector this year, making up 83% of cyber attacks.
How do you know if you’ve been phished?
OK, so maybe you didn’t click on a phishing link…or maybe you did? If they’ve done their job well, hackers won’t make it glaringly obvious that they’re trying to fool you. Luckily, most phishing attacks have one or two giveaways.
- The sender: If the message appears to be from someone you know, check in with them and ask if it was really them who sent it. They’ll probably appreciate the heads up if it turns out someone has breached their account! You should also check the sender’s domain closely to see if it’s consistent with who they say they are. Often hackers will change just one letter of a trusted domain, which might easily be missed by the recipient.
- The content: Read through the message. If you’re being urged to act fast or provide specific information like banking details, treat it with caution.
- The spelling: Phishing emails are often not written in the best English, so look out for poor spelling and grammar which might suggest it’s spam.
- The link: Hover over the link itself to see if it’s consistent with the domain.
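The sender and link checks above can also be automated. The following sketch is an added example, not part of the original article: it flags a sender or link domain that is one character away from a trusted domain (a changed, added or dropped character, slightly broader than the one-letter swap described above) and a link whose visible text names a different domain than the one it leads to. The trusted list, the function names and the sample message are all constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the reader really deals with (constructed values).
TRUSTED = {"example-bank.com", "example.org"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(text):
    """Lower-cased host from a URL or bare domain, without a leading 'www.'."""
    text = text.strip()
    host = urlsplit(text if "//" in text else "//" + text).hostname or ""
    return host.rstrip(".").removeprefix("www.")

def lookalike_of(domain, trusted=TRUSTED):
    """Return the trusted domain that `domain` is one character away from."""
    if domain in trusted:
        return None
    return next((t for t in trusted if edit_distance(domain, t) == 1), None)

def check_message(from_header, link_text, link_href):
    """Apply the sender and link checks; return a list of warning strings."""
    findings = []
    sender = host_of(parseaddr(from_header)[1].rpartition("@")[2])
    target = host_of(link_href)
    for label, host in (("sender", sender), ("link", target)):
        good = lookalike_of(host)
        if good:
            findings.append(f"{label} domain {host} imitates {good}")
    shown = host_of(link_text)
    # Only compare when the visible text itself looks like a domain.
    if "." in shown and shown != target:
        findings.append(f"link text shows {shown} but leads to {target}")
    return findings

# Constructed sample message: one letter of the trusted domain is swapped.
SAMPLE = ("Example Bank <support@examp1e-bank.com>",
          "www.example-bank.com/login",
          "http://examp1e-bank.com/login")

if __name__ == "__main__":
    for finding in check_message(*SAMPLE):
        print("WARNING:", finding)
```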
If, after a bit of digging, you’re pretty convinced you’ve been fooled by a phishing attack, it’s time to do a bit of damage control.
Don’t provide any personal information
If the link has taken you to a page asking you to fill in your details, avoid this at all costs. This gives the hacker exactly what he’s after.
Disconnect from the internet
Clicking on the link may have triggered malware to be downloaded, so it’s a good idea to disconnect from whatever WiFi you’re using to avoid malware moving across the network onto other devices.
Back up your files
Ideally, you back up regularly anyway, so this doesn’t necessarily have to be a full device backup, but if malware has been downloaded onto your device, chances are it could wipe or damage your data. You can back up important data using an external hard drive or USB drive, which will save you from losing everything in the case of a data breach.
Check for malware
Whether you suspect malware or not, it's always best practice to scan your system for viruses that might have been downloaded when you clicked on the phishing link. Most operating systems already have built-in antivirus software which you can use to check if any harm has been done. If you don't have any malware scanning software, there are plenty of free and paid options online, but you should use another device to download the software and then transfer it across to the affected device with a USB drive. It's important that you don't reconnect the original device to the internet, to avoid any malware spreading.
Change your passwords
Hackers can access your credentials via phishing links, so if you think you clicked on one, it's important to change your online passwords, particularly for things like bank accounts, to avoid further damage. You should never reuse the same passwords across accounts as this makes it even easier for a hacker to wreak havoc. Always create strong, unique passwords, and use something secure like a password manager to keep track of them.
Chances are that if you clicked on a phishing link, no real damage has been done and you can move on with a bit of a wake-up call to help you act more cautiously online in the future. However, it's always best to assume the worst and go through these steps if you think you've been targeted in a phishing, vishing or smishing attack. It's a good idea to remind yourself periodically of what to look for when you're being phished, especially as attack techniques grow more sophisticated, so you can avoid clicking on any phishing links in the future.
If you're ever uncertain as to whether your data has been stolen, you can quickly check if your domain has been breached with our free online tool.